Suspicious Object Lists

Apex Central consolidates Virtual Analyzer Suspicious Objects lists and synchronizes all Suspicious Object lists among many managed products. The way each managed product implements the lists depends on how the product implements the feature. Refer to your managed product Administrator's Guide for more information about how the product uses and synchronizes the Suspicious Object lists.

Note:

Administrators can configure specific scan actions on Suspicious Objects using the Apex Central console. You can then configure certain managed products to perform actions based on the Suspicious Object list settings.

For more information, see Suspicious Object Scan Actions.

List Type	Description
Virtual Analyzer Suspicious Objects	Apex Central synchronizes Suspicious Object lists from Apex One Sandbox as a Service. If Apex One Sandbox as a Service determines that an object is a possible threat, Apex One Sandbox as a Service adds the object to the Virtual Analyzer Suspicious Object list. Apex One Sandbox as a Service then sends the list to its registered Apex Central server for consolidation and synchronization purposes. On the Apex Central console, go to the Threat Intel > Virtual Analyzer Suspicious Objects > Objects tab to view the Virtual Analyzer Suspicious Objects list. For more information, see Suspicious Object Detection.
Exceptions to Virtual Analyzer Suspicious Objects	From the list of Virtual Analyzer suspicious objects, Apex Central administrators can select objects that are considered safe and then add them to an exception list. On the Apex Central console, go to the Threat Intel > Virtual Analyzer Suspicious Objects > Exceptions tab to view the Virtual Analyzer Suspicious Object Exceptions list. For more information, see Adding Exceptions to the Virtual Analyzer Suspicious Object List.
User-Defined Suspicious Objects	Apex Central administrators can add objects they consider suspicious but are not currently in the list of Virtual Analyzer suspicious objects by going to the Threat Intel > Custom Intelligence > User-Defined Suspicious Objects. For more information, see Preemptive Protection Against Suspicious Objects.

List Type

Description

Virtual Analyzer Suspicious Objects

Apex Central synchronizes Suspicious Object lists from Apex One Sandbox as a Service. If Apex One Sandbox as a Service determines that an object is a possible threat, Apex One Sandbox as a Service adds the object to the Virtual Analyzer Suspicious Object list. Apex One Sandbox as a Service then sends the list to its registered Apex Central server for consolidation and synchronization purposes.

On the Apex Central console, go to the Threat Intel > Virtual Analyzer Suspicious Objects > Objects tab to view the Virtual Analyzer Suspicious Objects list.

For more information, see Suspicious Object Detection.

Exceptions to Virtual Analyzer Suspicious Objects

From the list of Virtual Analyzer suspicious objects, Apex Central administrators can select objects that are considered safe and then add them to an exception list.

On the Apex Central console, go to the Threat Intel > Virtual Analyzer Suspicious Objects > Exceptions tab to view the Virtual Analyzer Suspicious Object Exceptions list.

For more information, see Adding Exceptions to the Virtual Analyzer Suspicious Object List.

User-Defined Suspicious Objects

Apex Central administrators can add objects they consider suspicious but are not currently in the list of Virtual Analyzer suspicious objects by going to the Threat Intel > Custom Intelligence > User-Defined Suspicious Objects.

For more information, see Preemptive Protection Against Suspicious Objects.